from Hacker News

BLESS: SSH Certificate Authority for Ephemeral SSH Sessions

by kkl on 5/21/16, 10:17 PM with 18 comments

by IgorPartola on 5/22/16, 12:36 AM
So a couple of things. First off, this is using AWS for two important services. That is probably a no go for a whole bunch of people right away.
But where it really lost me is that it is "yet another thing with a custom installer" or YATWACI (tm). Let me say it again: if you want wide adoption of your software, get it $@&!ing packaged for popular OS's. It is not hard, and is way nicer than "well first, create a virtualenv..."
by d33 on 5/22/16, 12:20 AM
Oh gosh, I thought it's going to be yet another fancy name for a new vulnerability.
by sumobob on 5/22/16, 4:44 AM
Can someone explain what this is for? I read the readme but still have no clue
by therealidiot on 5/22/16, 8:44 PM
While not completely related, can anybody suggest a good, clean way of implementing centralised login under Linux?
With yp/nis being out of date (and not considered secure?) most things seem to point to using Kerberos for auth, but how do people then go about syncing passwd or some other method of getting all user accounts consistent across all machines?
Then what about files, is nfs still the preferred method of sharing the home directories?
Some questions. Sorry